aws / aws-tools-for-powershell

The AWS Tools for PowerShell lets developers and administrators manage their AWS services from the PowerShell scripting environment.
Apache License 2.0

Show account aliases when assuming roles via Set-AWSSamlRoleProfile #28

Closed mitchellrj closed 2 years ago

mitchellrj commented 5 years ago

Expected Behavior

Friendly account aliases are shown in the list when using Set-AWSSamlRoleProfile interactively, as they are in the web interface.

Current Behavior

Only account numbers are shown.

Possible Solution

All of these involve working on a joint solution with the team that manages the IAM SAML integration.

  1. Create an API endpoint that allows AWS account aliases to be returned - the https://signin.aws.amazon.com/saml endpoint achieves this in the back-end when processing the SAML response. Then integrate a failsafe call to that into the PowerShell module.
  2. Define a new SAML attribute that maps roles to aliases and support that in PowerShell.
  3. Extend the existing SAML role attribute format to allow inclusion of an alias.

Steps to Reproduce (for bugs)

  1. Integrate an IdP
  2. Call Set-AWSSamlRoleProfile with credentials that return more than 1 role

Context

Poor UX that could lead to mistakes. Possibly CWE-655.

bogdanpopey commented 5 years ago

Great. Would love this implemented soon.

ebickle commented 3 years ago

I have over 30 roles across a large number of accounts, so this is something necessary for our teams to use Set-AWSSamlRoleProfile.

As part of this change I'd also recommend the role profile names stored by -StoreAllRoles be changed to something friendly as well - e.g. my-account-alias/my-role-name instead of 123456789012345:role/my-role-name. The :role part is redundant and unhelpful when specifying -profile at the CLI.
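A stop-gap for the two points raised above (aliases instead of bare account numbers, and alias/role friendly names), as an added example that is not from the issue or from the AWS Tools for PowerShell project: it reads the profiles that -StoreAllRoles writes and resolves each account's alias using that profile's own credentials. Assumed: stored profile names follow the id:role/name pattern quoted in the thread, and each role is permitted to call iam:ListAccountAliases in its account.

```powershell
# Added example (not project code). Lists SAML role profiles with their account
# aliases so an operator chooses a role by alias rather than by account number.
# Assumes AWSPowerShell (or AWS.Tools.Common + AWS.Tools.IdentityManagement) is
# installed and Set-AWSSamlRoleProfile -StoreAllRoles has already been run.

function Get-SamlRoleProfileAlias {
    [CmdletBinding()]
    param(
        # Assumed stored-profile name format, taken from the pattern in the thread
        [string]$ProfilePattern = '^(?<AccountId>\d+):role/(?<RoleName>.+)$'
    )

    # Enumerate every stored credential profile and keep only the SAML role ones
    $roleProfiles = Get-AWSCredential -ListProfileDetail |
        Where-Object { $_.ProfileName -match $ProfilePattern }

    foreach ($p in $roleProfiles) {
        $null      = $p.ProfileName -match $ProfilePattern
        $accountId = $Matches['AccountId']
        $roleName  = $Matches['RoleName']

        # iam:ListAccountAliases must be called with credentials inside the target
        # account, so use the role profile itself. On failure (missing permission,
        # expired SAML session) fall back to the raw account ID instead of aborting.
        $alias = $null
        try {
            $alias = @(Get-IAMAccountAlias -ProfileName $p.ProfileName) | Select-Object -First 1
        } catch {
            Write-Verbose "Could not resolve alias for account $accountId : $_"
        }
        $display = if ($alias) { $alias } else { $accountId }

        [pscustomobject]@{
            AccountId    = $accountId
            Alias        = if ($alias) { $alias } else { '(unknown)' }
            RoleName     = $roleName
            ProfileName  = $p.ProfileName
            # Friendly name suggested in the thread: alias/role instead of id:role/role
            FriendlyName = '{0}/{1}' -f $display, $roleName
        }
    }
}

# Show the roles sorted by alias so look-alike account numbers are easy to tell apart
Get-SamlRoleProfileAlias | Sort-Object Alias, RoleName | Format-Table -AutoSize
```

Roles whose alias cannot be resolved are still listed, marked '(unknown)', so the output never silently drops a profile.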

github-actions[bot] commented 2 years ago

We have noticed this issue has not received attention in 1 year. We will close this issue for now. If you think this is in error, please feel free to comment and reopen the issue.